Land rapid7#5379, new post modules to load into powershell sessions

data/exploits/powershell/powerfun.ps1

@@ -36,7 +36,7 @@ function powerfun
         $stream = $sslStream 
     }
 
-    [byte[]]$bytes = 0..255|%{0}
+    [byte[]]$bytes = 0..20000|%{0}
     $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
     $stream.Write($sendbytes,0,$sendbytes.Length)
 

lib/msf/core/exploit/powershell.rb

@@ -17,21 +17,53 @@ def initialize(info = {})
       ], self.class)
   end
 
+  #
+  # Return a script from path or string
+  #
+  def read_script(script_path)
+    return Rex::Powershell::Script.new(script_path)
+  end
+
+  #
+  # Return an array of substitutions for use in make_subs
+  #
+  def process_subs(subs)
+    return [] if subs.nil? or subs.empty?
+    new_subs = []
+    subs.split(';').each do |set|
+      new_subs << set.split(',', 2)
+    end
+
+    new_subs
+  end
+
+  #
+  # Insert substitutions into the powershell script
+  # If script is a path to a file then read the file
+  # otherwise treat it as the contents of a file
+  #
+  def make_subs(script, subs)
+    subs.each do |set|
+      script.gsub!(set[0],set[1])
+    end
+
+    script
+  end
   #
   # Return an encoded powershell script
   # Will invoke PSH modifiers as enabled
   #
   # @param script_in [String] Script contents
   #
   # @return [String] Encoded script
-  def encode_script(script_in)
+  def encode_script(script_in, eof = nil)
     opts = {}
     datastore.select { |k, v| k =~ /^Powershell::(strip|sub)/ && v }.keys.map do |k|
       mod_method = k.split('::').last.intern
       opts[mod_method.to_sym] = true
     end
 
-    Rex::Powershell::Command.encode_script(script_in, opts)
+    Rex::Powershell::Command.encode_script(script_in, eof, opts)
   end
 
   #